On Sat, 2010-04-10 at 17:22 -0400, Alex wrote:
Hi,
I'm using an older version of syslog-ng for now, until I can upgrade to post-3.0, but for the time-being I'd like to be able to use the match() and program() qualifiers to redirect output from bind to a specific file, from the local host as well as from remote hosts using local3.info.
Where can I find the documentation that describes the differences in usage for match() and program()? In the following line, what is considered "program" and what is considered "match"? How does this change if the line is from a remote host?
Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: 1F3BBE74004: message-id=<20103410231614.1F3BBE74004@smtp01.myhost.com>
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
in syslog-ng 2.1 and below: $MSG contains everything starting from 'postfix/cleanup[23834] ..' $PROGRAM contains "postfix/cleanup" $PID contains 23834 in syslog-ng 3.0 (when not using the 2.1 compatibility mode) $MSG contains everything starting from '1F3BBE74 ...' $MSGHDR contains 'postfix/cleanup[23834]: ' $PROGRAM contains postfix/cleanup $PID contains 23834 -- Bazsi